User Profile in Identity Management System

April 9, 2011 by Igor Lozhkin

One of the key purposes of an identity management system is to maintain user profiles and allow frequent changes to the user profile structure. As business requirements change faster than ever, and shared and concurrent use of an identity management system by multiple applications is growing, the way a user profile is architected, maintained and exposed as a service to various applications becomes an important factor in contemporary web-based integration projects. Arnica UnifiedLogon (http://www.arnicasoftware.com/products/identity-management/overview.aspx) is one of the most versatile identity management systems designed specifically to meet such requirements. It allows constructing user profiles of virtually unlimited complexity and managing them effectively by using several types of data structures, which designers may choose based on particular use specifications:

Standard properties - a collection of built-in user properties such as FirstName, LastName, EmailAddress, and others, which are common in many use scenarios. These properties provide ready-to-use data structures out of the box.

Global custom properties - a customizable collection of user properties defined by administrators. These properties are stored in a separate table connected with the user account using a one-to-one relation. Once a new global user property is defined, it is available to all users.

Application-specific custom properties - another customizable collection of user properties defined by administrators, but related only to a particular application that is registered with UnifiedLogon. These properties are stored in an application-specific table created for each application. A user account must be initialized in the context of the application before application-specific user properties may be associated with the user.

User configuration directory - a hierarchical data structure of key-value pairs with sub-keys created per application. Different users may have different key structures created within the same application and may also have keys in the context of other applications.

User profile data stores - free-standing tables, which maintain user-related custom properties that are not necessarily associated with any application and are related one-to-many to user accounts. As an option, UnifiedLogon allows creating user profile data stores in separate dedicated databases, possibly located on separate servers, which might be a consideration when a particular data store is designed to accumulate very large volumes of user data.

Such user profile versatility provides exceptional support for a build-as-you-go approach to user management, i.e. start with standard properties and add further properties as newer components, which require support for their own user properties, are integrated with the system. User profile services provided by Arnica UnifiedLogon allow reading and updating user properties implemented with any of the above-mentioned methods via a set of web service (REST) APIs as well as database APIs (views and stored procedures).